Hi All I am running two instances of samba on same box. One instance of samba has joined AD domain ABC and the other 123. My workstation is on ABC domain and when I try to connect to samba server on ABC domain, it asks me for user name and password and then fails. If I put IP address instead it works. At the same time, when I try to connect to 123 domain, it asks me for user name and password and authenticates me without any problem. I set the debug level to 9 on both the instances. I am not running winbind - please dont ask me why. The strange problem is when a user who has same unix and windows account in ABC domain, when he tries to log into the samba server which is on ABC domain, it works with hostname where as folks who has different accounts on windows and unix, it dosent work for them with hostname but with IP.
The Global section of both the instances is similar, here is the global section of samba server which is binding to ABC domain: - #======================= Global Settings ===================================== [global] socket options = TCP_NODELAY IPTOS_LOWDELAY netbios name = TST-SMB-DEV workgroup = ABC server string = tst-smb-dev Server ver %v security = ADS log file = /opt/local/samba-3.6.7/dev/logs/log.%m max log size = 50 password server = AD1.ABC.com AD2.ABC.com encrypt passwords = yes realm = ABC.COM local master = no domain master = no domain logons = no dns proxy = no smb passwd file = /opt/local/samba-3.6.7/dev/private private dir = /opt/local/samba-3.6.7/dev/private username map = /opt/local/samba-3.6.7/dev/users.map pid directory = /opt/local/samba-3.6.7/dev bind interfaces only = yes wins support = no domain master = no locking = yes lock directory = /opt/local/samba-3.6.7/dev/var/locks preserve case = yes short preserve case = yes load printers = no printcap name = /dev/null deadtime = 15 preferred master = no guest account = nobody guest ok = no syslog = 0 interfaces = 10.20.20.3 socket address = 10.20.20.3 kerberos method = system keytab log level = 9 ---------------------------------------------------------------------------------------------------------------------------- Here are the logs when user whose mapping is defined in users.map tries to log into samba instance which is binding to ABC domain [2012/10/10 15:07:11.896408, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: foo [Foo Bar] [2012/10/10 15:07:11.896530, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [f...@abc.com] [2012/10/10 15:07:11.896611, 4] auth/user_util.c:361(map_username) Scanning username map /opt/local/samba-3.6.7/dev/users.map [2012/10/10 15:07:11.896665, 3] auth/user_util.c:402(map_username) Mapped user ABC\foo to bar [2012/10/10 15:07:11.896725, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user bar [2012/10/10 15:07:11.896758, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is bar [2012/10/10 15:07:11.897025, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [bar]! [2012/10/10 15:07:11.897418, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /opt/local/Samba/lib/smb.conf.dev -> /opt/local/Samba/lib/smb.conf.dev last mod_time: Wed Oct 10 15:06:58 2012 [2012/10/10 15:07:11.897530, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user ABC\foo [2012/10/10 15:07:11.897562, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is ABC\foo [2012/10/10 15:07:11.897648, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is ABC\foo [2012/10/10 15:07:11.897725, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ABC\foo [2012/10/10 15:07:11.897798, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in ABC\foo [2012/10/10 15:07:11.897832, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [ABC\foo]! [2012/10/10 15:07:11.897861, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user foo [2012/10/10 15:07:11.897896, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is foo [2012/10/10 15:07:11.897973, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is foo [2012/10/10 15:07:11.898045, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in foo [2012/10/10 15:07:11.898077, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [foo]! [2012/10/10 15:07:11.898222, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user foo [2012/10/10 15:07:11.898256, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is foo [2012/10/10 15:07:11.898332, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is foo [2012/10/10 15:07:11.898403, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in foo [2012/10/10 15:07:11.898441, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [foo]! [2012/10/10 15:07:11.898471, 3] auth/auth_util.c:1121(check_account) Failed to find authenticated user ABC\foo via getpwnam(), denying access. [2012/10/10 15:07:11.898502, 1] auth/user_krb5.c:211(make_server_info_krb5) make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! -------------------------------------------------------------------------------------------------------------------------------------------- here is my users.map foo = ABC\bar on the other instance: - [global] socket options = TCP_NODELAY IPTOS_LOWDELAY netbios name = TST-SMB-UAT workgroup = 123 server string = tst-smb-uat Samba Server ver %v security = ADS #map untrusted to domain = Yes log file = /opt/local/samba-3.6.7/uat/logs/log.%m log level = 5 max log size = 50 password server = AD1.123.com encrypt passwords = yes realm = 123.COM local master = no domain master = no domain logons = no dns proxy = no smb passwd file = /opt/local/samba-3.6.7/uat/private private dir = /opt/local/samba-3.6.7/uat/private username map = /opt/local/samba-3.6.7/uat/users.map pid directory = /opt/local/samba-3.6.7/uat bind interfaces only = yes wins support = no domain master = no allow trusted domains = yes locking = yes lock directory = /opt/local/samba-3.6.7/uat/var/locks preserve case = yes short preserve case = yes name resolve order = host bcast load printers = no printcap name = /dev/null deadtime = 15 preferred master = no syslog = 0 interfaces = 10.20.20.4 ---------------------------------------------------------------------------------------- and logs are: - [2012/10/10 16:15:26.386651, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID foo is not in a valid format [2012/10/10 16:15:26.386693, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/10 16:15:26.386725, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/10 16:15:26.386753, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/10 16:15:26.386781, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/10/10 16:15:26.386827, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/10 16:15:26.386900, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_foo [2012/10/10 16:15:26.386952, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/10/10 16:15:26.386988, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/10/10 16:15:26.387019, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/10/10 16:15:26.387047, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/10/10 16:15:26.387074, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/10/10 16:15:26.387101, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/10 16:15:26.387196, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/10/10 16:15:26.387256, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user foo [2012/10/10 16:15:26.387287, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is foo [2012/10/10 16:15:26.387318, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [foo]! [2012/10/10 16:15:26.387362, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user foo [2012/10/10 16:15:26.387392, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is foo [2012/10/10 16:15:26.387423, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [foo]! [2012/10/10 16:15:26.387467, 3] smbd/service.c:872(make_connection_snum) ------------------------------------------------------------------------------------------------------------------------------------- and my users.map foo = bar 123\bar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ any suggestions? thanks Nitin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba